Post on 28-May-2020
Weichao Wang, College of Computing and Informatics, UNC Charlotte
Cyber Security Considerations for Industrial Control Systems
Common configuration
[Network diagram; labels: DMZ, Enterprise Network, Control Room, Outstation, WWW]
Can malware infect the control room or outstation?
Yes
What about serial? RS-232/485
Stuxnet
Takeaways
• Industrial control systems can be infected by malware.
• An electronic security perimeter alone is insufficient protection.
• Need a defense-in-depth approach.
Risk Assessment
• Should consider
○ likelihood of attack
○ cost of attack
○ impact of attack
• Compared to
○ cost of prevention
○ likelihood of prevention
MSU ECE 8990 Smart Grid
Interruption (Denial of Service)
• An asset of the system is destroyed or becomes unavailable or unusable
• Attack on availability
○ Disabling the file management system
○ LonTalk protocol example
○ May not be physical destruction (most are not)
○ May be temporary
DOS Prevention
• Defense at the protocol level
○ Monitor the active connections
• Monitor and react
○ Monitor network traffic for DOS attacks
○ Close offending ports
○ Is it OK to close a network port in an ICS network?
• Test devices for vulnerability
○ Protocol mutation (fuzzing)
○ Known attacks
○ Floods
Interception
• An unauthorized party gains access to an asset
• Attack on confidentiality
○ Wiretapping to capture data in a network
○ Intercepting a password -> bad
○ Intercepting a password file -> worse
○ Intercepting ICS data -> what can the attackers learn?
You have to be really careful: encryption does not solve all problems
• Key distribution and update
• Forward and backward secrecy
• Pairwise key or group based communication
Modification
• An unauthorized party not only gains access but tampers with an asset
• Attack on integrity
○ Change values in a data file
○ Alter a program to make it perform differently
○ Modify content of messages transmitted on a network
• man-in-the-middle (MITM)
Modification
• Modification in ICS -> very bad
• Feedback control uses
○ sensors to monitor the physical process
○ controllers to control the physical process
• Modifying measured output, measured error, system input, or reference affects system output.
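The effect of a modified signal on a feedback loop, as an added example that is not part of the original slides: a discrete-time PI loop in which a constant offset is applied at one of the four points named above once the loop has settled. The plant model, gains, reference and offset are assumed values chosen only for illustration.

```python
# Added illustration, not from the slides. Plant and controller values are assumptions.
A, B = 0.9, 0.1            # assumed plant: y[k+1] = A*y[k] + B*u[k]
KP, KI = 2.0, 0.5          # assumed PI controller gains
REFERENCE = 50.0           # assumed setpoint for the physical process
TAMPER_POINTS = ("reference", "measured_output", "measured_error", "system_input")

def simulate(tamper=None, offset=10.0, steps=400, start=200):
    """Run the loop; from step `start` add `offset` at the point named by `tamper`.

    Returns (final true output, peak |true output - REFERENCE| after `start`).
    """
    y = integral = peak = 0.0
    for k in range(steps):
        on = offset if k >= start else 0.0
        r = REFERENCE + (on if tamper == "reference" else 0.0)
        measured = y + (on if tamper == "measured_output" else 0.0)
        error = (r - measured) + (on if tamper == "measured_error" else 0.0)
        integral += error
        u = KP * error + KI * integral + (on if tamper == "system_input" else 0.0)
        y = A * y + B * u          # true physical output, which the operator may not see
        if k >= start:
            peak = max(peak, abs(y - REFERENCE))
    return y, peak

def report():
    """Final output and peak deviation for the clean loop and each tamper point."""
    return {name: simulate(name) for name in (None,) + TAMPER_POINTS}

if __name__ == "__main__":
    for name, (final, peak) in report().items():
        print(f"{str(name):16s} final={final:7.3f}  peak_deviation={peak:6.3f}")
```

In this model the integral term absorbs a constant offset on the system input after a transient, but an offset on the reference, the measured output or the measured error moves the true output permanently, because the controller acts on the modified value as if it were correct.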
Modification
• Need to defend the sensor.
• Need to defend the device which measures error.
• Need to defend the controller.
• Need to defend the communication network.
Fabrication
• Unauthorized party inserts counterfeit objects into the system
• Attack on authenticity
○ Insertion of spurious messages in a network
○ Addition of records to a file
○ ICS – insertion of spurious/unwanted/unauthorized control
○ ICS – adding data to a historian
Cybersecurity Testing and Risk Assessment for Industrial Control Systems
Denial of Service
• Known attacks
• High volume traffic
• Protocol mutation
Device Security Assessment
• Security features
• Standards conformance
• Port scan
• Vulnerability scan
Confidentiality, Integrity
• Password confidentiality
• Password storage
• Man-in-the-middle
• Many vulnerabilities identified and communicated to vendor and project partner.
Identify vulnerabilities, implement attacks, investigate impact on physical systems.
Develop security solutions: system protection, intrusion detection, attack resilience.
Train engineers and scientists for control systems security careers.
Cyber Security Industrial Control Systems
Critical Infrastructure Protection Center